Yahoo Hack Victims Line Up To Get $100 (Or Less) For Historic Hack

Legal Issues

from the timid-and-pointless dept

It seems like only yesterday that we learned of the historic hack of Yahoo, resulting in the leaked data of more than 500,000 subscribers. Granted, like most hack stories, it didn’t take long before we learned that the impacted number of subscribers was far far larger, with in fact several different hacks resulting in the leaked data of roughly 3 billion potential users, or pretty much everybody that had ever used the service.

Granted like other similar hacks, the $117.5 million settlement “holding Yahoo accountable” didn’t do anything of the sort. The settlement website has gone live, and is informing impacted users that they may be entitled to $100 as a result of the breach. Of course, just like the flimsy Equifax hack and settlement, users are also being told that they shouldn’t actually expect to get that money depending on the number of folks interested in actually being compensated:

“Settlement Class Members are encouraged to submit a claim to receive a minimum of two years of future Credit Monitoring Services. If you already have Credit Monitoring Services, you may still sign up for this additional protection. Alternatively, if you verify that you already have a credit monitoring service that you will keep for at least one year, you may submit a claim for a cash payment of $100.00 instead of receiving Credit Monitoring Services through the Settlement. Payment for such a claim may be less than $100.00 or more (up to $358.80) depending on how many Settlement Class Members participate in the Settlement.”

That $358 tally is never going to happen given people like free money. Much like the “historic” settlement in the Equifax case, users are being promised either free credit reporting software or a cash payout the settlement isn’t robust enough to actually support. But as we’ve noted previously, credit reporting is largely a useless perk; it’s already been given away free as the result of an endless series of previous similar hacks, and it’s usually only included in these kinds of cases to give the illusion of a fatter pot, letting feckless regulators proclaim “record” settlements.

At least in this case, the Yahoo settlement makes it clear you probably won’t be getting that full $100, something the Equifax settlement administrators and the FTC only revealed after the fact while proclaiming “surprise” at the number of people eager to be modestly compensated.

As it stands, the option to nab either worthless credit monitoring (or cash you probably won’t actually see) is available to US or Israeli residents who had a free Yahoo account at any time between January 1, 2012 and December 31, 2016. Like the Equifax settlement users may also be eligible for up to $25,000 if they can prove the hack directly resulted in financial harm via identity theft (no easy feat). The settlement is still pending final approval, but impacted users must make their claim for free credit monitoring or a cash payout by July 20, 2020.

Ultimately, no matter how many times regulators proclaim these kinds of settlements involve “record” financial tallies, they’re doing little to nothing to either aid users, or hold companies accountable for making securing private user data an afterthought.

Filed Under: class action, data breaches, hacks, payments, settlements
Companies: yahoo